Overview of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
For remote access via unsafe networks, such as the Internet or a WAN, encryption can be used to safeguard the communication against data espionage and manipulation.
As a result of the increasing integrated Ethernet-based interconnection of automation networks with other networks (e.g. MES or office networks), or connection to company intranets and remote maintenance via WAN or Internet, modern industrial communication is subject to considerable risks and dangers. Existing security concepts designed for office environments are no longer sufficient for the special requirements of automation technology, because: they require permanent maintenance and special expert knowledge; their integration into existing networks is not free of side effects, i.e. network topologies have to be changed and network subscribers newly configured; and the special world of automation protocols, in particular Layer 2 protocols, is not accounted for.
Security functions of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
The Siemens SCALANCE S security module uses all of the common IT security standards, including IPsec, to provide the following security functionality.
VPN (Virtual Private Network)
For safe authentication (identification) of network subscribers, for data encryption and checking of data integrity.
Firewall
Filters data packets and disables or enables communication connections in accordance with a filter list (packet-filter firewall). Both incoming and outgoing communication can be filtered. IP and MAC addresses, as well as communication protocols (ports), are filtered. The firewall can be used as an alternative or as a supplement to VPN.
Authentication of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
Every incoming data stream is monitored and checked. In view of the fact that IP addresses can be forged (IP spoofing), checking the IP address (of the client access) is not enough. In addition, client PCs may have changing IP addresses. For this reason authentication is carried out by means of proven VPN mechanisms.
Data encryption of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
Safe encryption is needed to protect the data exchange against espionage and manipulation. In this way the data will remain unintelligible for any eavesdropper in the network. The Security Module will establish a VPN tunnel to other Security Modules for this purpose.
Logging of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
To be able to identify and follow up on attacks or access attempts, the relevant data can be stored in a log file and read out with the configuration tool.
Configuration without special security know-how
The configuration can also be done by users possessing very little knowledge about security mechanisms. The minimum configuration needed is to allocate the Security Modules of a network to groups. Only the modules within a group can establish VPN tunnels with one another. This ensures that only authenticated and authorized devices can access a network subscriber protected by a Security Module. In addition, the data transmission is encrypted and in this way protected against espionage and manipulation. Because the configuration tool generates the VPN certificates, no elaborate PKI infrastructure or separate creation or loading of keys is necessary! Automatic learning by the subscribers of the internal network and recognition of other Security Modules in a network ensures a minimum of configuration work and also enables dynamic expansion without much configuration!
The configuration tool is included in the scope of supply of SCALANCE S.
Module replacement without programming device
The C-PLUG (Configuration Plug) is available as an option to save all the configuration data of a SCALANCE S module. If a SCALANCE S device should fail, the C-PLUG can be removed and plugged into the new SCALANCE S device, so that downtime is reduced considerably.
Unique strain relief concept
The SCALANCE S series has new strain relief sleeves on its electrical ports which, when used with PROFINET-compliant Industrial Ethernet connectors (e.g. FastConnect RJ45 Plug 180), provide improved resistance to tensile and bending forces from the connected data cables in comparison with standard RJ45 connectors.
Application of The SCALANCE S Industrial Ethernet Security Module & Softnet Security Client:
User benefits of SCALANCE S
Access control for automation devices and protection of data transmission in an industrial environment. Security is completely independent of the protocol, i.e. all the IP-based (layer 3) and MAC-based (layer 2) communication can be protected.
Handling is easy: only a minimum of configuration and no specialist knowledge of IT security is needed.
Problem-free integration into existing networks: neither does the network topology have to be changed or adapted, nor any network subscriber newly configured.
Robust, industrialized design, tailored for the requirements of an industrial environment.
In addition to SCALANCE S we also provide a SOFTNET Security Client for the design of secure VPN connections of PGs/PCs with network segments protected by SCALANCE.